Cybercriminals are increasingly using a clever tactic to bypass the built-in phishing safeguards of Apple iMessage, allowing them to manipulate users into reactivating disabled links in text messages. As our reliance on mobile devices for various activities—such as bill payments, online shopping, and social interactions—grows, so does the prevalence of smishing (SMS phishing) attacks targeting mobile phone numbers.
To shield users from these threats, Apple has implemented a feature in iMessage that automatically disables hyperlinks in messages from unfamiliar senders. This applies whether the sender is an email address or a phone number. However, Apple has confirmed to BleepingComputer that if a user responds to such messages or saves the sender’s contact information, those links will be reactivated.
The Art of Deception: Encouraging Replies
In recent months, BleepingComputer has observed an alarming increase in smishing attempts designed specifically to trick recipients into replying to texts. For instance, fraudulent notifications about nonexistent USPS shipping issues and fake unpaid toll fees have been sent from unknown sources with links initially disabled by iMessage.
While these types of phishing schemes are not new per se, there’s been a noticeable trend where attackers request users respond with “Y” (for yes) as part of their strategy to enable hyperlinks again. Messages often read something like: “Please reply Y and then exit this message; reopen it or copy the link into your Safari browser.”
Research indicates that this method has gained traction over the past year and saw significant growth during summer months. Many individuals have become accustomed to responding with simple confirmations like STOP or YES for various services; thus attackers exploit this familiarity hoping it will lead victims into enabling dangerous links.
Responding not only activates those links but also signals cybercriminals that they have found an active target willing to engage with phishing attempts—a risky situation indeed. Even if someone doesn’t click on any newly enabled link right away, their response can make them more appealing targets for future scams.
Vulnerable Populations at Risk
Although many readers may easily recognize these tactics as scams, there are still vulnerable individuals who might fall prey—like older adults who may lack digital literacy skills. A family friend recently showed one such text message expressing uncertainty about its legitimacy; unfortunately, people like her often become prime targets for these malicious schemes leading them potentially down paths where they divulge sensitive personal data or financial information.
If you receive any suspicious texts containing disabled links from unknown senders urging you to reply back—exercise caution! It’s best practice not only to ignore such requests but also reach out directly through official channels associated with the organization purportedly sending you the message for verification before taking any further action.
Conclusion
As technology evolves and our dependence on mobile communication increases daily activities—from banking transactions and shopping sprees—it becomes imperative we remain vigilant against emerging threats like smishing attacks targeting unsuspecting users through deceptive tactics aimed at disabling security features meant for protection. Always prioritize safety by verifying communications independently rather than engaging directly when faced with uncertainty regarding authenticity!
